This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[patch] Fix for "In function `_int_malloc' ... warning: `fb' may be used uninitialized in this function"
- From: ppluzhnikov at google dot com (Paul Pluzhnikov)
- To: libc-alpha at sourceware dot org
- Cc: ppluzhnikov at google dot com
- Date: Tue, 30 Mar 2010 11:51:33 -0700 (PDT)
- Subject: [patch] Fix for "In function `_int_malloc' ... warning: `fb' may be used uninitialized in this function"
Greetings,
Building glibc on Linux with ATOMIC_FASTBINS not defined results in a warning:
malloc.c: In function `_int_malloc':
malloc.c:4288:18: warning: `fb' may be used uninitialized in this function
We've analyzed the warning, and it is real -- there really is an error
path through _int_malloc() which results in assignment to *fb where fb has
not been initialized. This path only happens when heap corruption is
detected and when malloc_printerr() does not abort.
But there is no reason for glibc to corrupt the state of the program even
further, and the extra branch/assignment introduced by the patchlet below
will only happen on the error path, so (I think) the efficiency arguments
don't apply here. Also, building without warnings is comforting.
Thanks,
--
Paul Pluzhnikov
2010-03-30 Paul Pluzhnikov <ppluzhnikov@google.com>
* malloc/malloc.c: Fix "may be used uninitialized" warning.
diff --git a/malloc/malloc.c b/malloc/malloc.c
index 6993aea..b926c74 100644
--- a/malloc/malloc.c
+++ b/malloc/malloc.c
@@ -4300,11 +4300,16 @@ _int_malloc(mstate av, size_t bytes)
victim = *fb;
#endif
if (victim != 0) {
+ mfastbinptr junk;
if (__builtin_expect (fastbin_index (chunksize (victim)) != idx, 0))
{
- errstr = "malloc(): memory corruption (fast)";
+ const char *const errstr_fast = "malloc(): memory corruption (fast)";
+ errstr = errstr_fast;
errout:
malloc_printerr (check_action, errstr, chunk2mem (victim));
+ if (errstr != errstr_fast)
+ /* We jumped to errout label; fb has not been assigned. */
+ fb = &junk;
}
#ifndef ATOMIC_FASTBINS
*fb = victim->fd;
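Review bot: in the errout branch, the new `if (errstr != errstr_fast)` test works out how control arrived from which string errstr points at, and execution then still falls through to `*fb = victim->fd;`, which reads the fd field of the chunk that was just reported as corrupt. Pointing fb at `junk` keeps that store from going through an uninitialized pointer, but returning from the function right after malloc_printerr(), for the case where it does not abort, would make both `junk` and the pointer comparison unnecessary and would stop using victim altogether. If the scratch variable stays, note that, as far as this hunk shows, `mfastbinptr junk;` and `fb = &junk;` sit outside the `#ifndef ATOMIC_FASTBINS` block whose store they protect, so they are compiled in both configurations. The body under the new `if` (a comment plus the assignment) would also read more safely with braces.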